bspatch: simplify capsicumization

Assume that user wants to run with capsicum support if he builds the software with HAVE_CAPSICUM. Treat running application without capsicum in the kernel as an error. MFC after: 3 weeks
2018-11-07 21:01:14 +00:00 · 2018-11-07 21:01:14 +00:00 · a25896ca12
commit a25896ca12
parent 179460e148
1 changed files with 15 additions and 19 deletions
--- a/usr.bin/bsdiff/bspatch/bspatch.c
+++ b/usr.bin/bsdiff/bspatch/bspatch.c
@ -144,12 +144,9 @@ int main(int argc, char *argv[])
 	atexit(exit_cleanup);

 #ifdef HAVE_CAPSICUM
-	if (cap_enter() < 0) {
-		/* Failed to sandbox, fatal if CAPABILITY_MODE enabled */
-		if (errno != ENOSYS)
+	if (cap_enter() < 0)
 		err(1, "failed to enter security sandbox");
-	} else {
-		/* Capsicum Available */
+
 	cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK);
 	cap_rights_init(&rights_wr, CAP_WRITE);
 	cap_rights_init(&rights_dir, CAP_UNLINKAT);
@ -163,7 +160,6 @@ int main(int argc, char *argv[])
 	    cap_rights_limit(dirfd, &rights_dir) < 0)
 		err(1, "cap_rights_limit() failed, could not restrict"
 		    " capabilities");
-	}
 #endif

 	/*